Originally Posted on Cloudflare.
Today, we’re excited to announce our newest Network On-ramp partnerships for Cloudflare One. Cloudflare One lays out our vision to achieve a secure and optimized global network for our customers. We know the promise of replacing MPLS links with a global, secure, performant and observable network is going to transform the corporate network and the industry itself. To realize this vision, customers can connect to Cloudflare’s global network from their existing trusted WAN & SD-WAN appliances and privately interconnect via the datacenters they are co-located in.
Today, we are launching our WAN and SD-WAN partnerships with VMware, Aruba and Infovista. We are also adding Digital Realty, CoreSite, EdgeConneX, 365 Data Centers, BBIX, Teraco and Netrality Data Centers to our existing Network Interconnect partners Equinix ECX, Megaport, PacketFabric, PCCW ConsoleConnect and Zayo. Cloudflare’s Network On-ramp partnerships now span 15 leading connectivity providers in 70 unique locations, making it easy for our customers to get their traffic onto Cloudflare in a secure and performant way, wherever they are.
Connect to Cloudflare using your existing WAN or SD-WAN Provider
With Magic WAN, customers can securely connect data centers, offices, devices and cloud properties to Cloudflare’s network and configure routing policies to get the bits where they need to go, all within one SaaS solution: no more MPLS expense or lead times and no more performance penalties from traffic trombones. Many organizations use physical or virtual SD-WAN appliances today to route or tunnel traffic between offices, data centers, and public clouds. Starting today, these customers can leverage their existing infrastructure investments — physical or virtual in the cloud — to connect traffic to Magic WAN with a few simple commands.
Consider the sample setup below. Magic WAN + Network Onramp Partners allows you to connect on-premise and cloud VPCs in RFC1918 subnets using both physical and virtual appliances, with Magic WAN providing accelerated and secure connectivity. Additionally, Magic Firewall allows you to configure and enforce firewall rules at edge and consistently across all traffic that flows through Magic WAN. Cloudflare’s broad network reach in 200+ cities also means the nearest data center is always close by.
3 private networks, using a mixture of a partner hardware appliance, a partner virtual AMI, and a generic Linux router connected to Cloudflare Magic WAN via the nearest Cloudflare data center.
While simple setup and compatibility are great, our shared roadmap with our partners is much more ambitious. Today, these connections are made over Anycast GRE and we will be announcing IPSec support soon, allowing customers multiple connectivity methods.
In future releases, on-ramp partner devices will only require authorization credentials to prove they are part of a customer Magic WAN network, and will then be able to call out to the Magic WAN management API and self-configure — truly realizing the plug’n’play vision of cloud networking. Additionally, Magic WAN customers will be able to benefit from layering Cloudflare’s Zero Trust security for application access and Internet browsing that unites Zero Trust network access (ZTNA), Secure Web Gateway (SWG), Remote Browser Isolation (RBI), DNS security, L4 firewall, and other once-distinct point products into one seamless platform.
“VMware SD-WAN virtualizes the WAN to decouple network software services from the underlying hardware—providing agility and performance for all enterprises and is a foundational component of the VMware Secure Access Service Edge (SASE) platform. VMware and Cloudflare share a vision to provide customers a cost-effective, turnkey and more secure Global WAN.”
– Mark Vondemkamp, vice president products, SD-WAN and SASE business, VMware.
“Aruba, a Hewlett Packard Enterprise company, is pleased to collaborate with Cloudflare to develop solutions that will enable our customers to easily deploy the Aruba EdgeConnect SD-WAN platform, acquired with Silver Peak, as the enterprise connectivity onramp to the Cloudflare Magic WAN and Magic Firewall. This new solution builds on the Aruba EdgeConnect platform’s best-in-class integration with leading cloud connectivity and security services, and will enable customers to utilize Cloudfare’s Global Edge Network to protect and accelerate cloud workloads.”
– Fraser Street, Head of WAN technical alliances for Aruba.
Privately Interconnecting to Cloudflare via PNI
Tunneling traffic to the nearest Cloudflare data center (which since we’re in over 200 cities, is always close by) is at the heart of Cloudflare Magic WAN. We use standard Internet protocols like GRE and IPSec (coming soon) to securely deliver traffic between our network and our customers’ infrastructure. While protocol-level security is great, anytime you have Internet-facing infrastructure, you open up an attack surface to misconfiguration.
For organizations that want the highest level of security and performance, Magic WAN can be combined with Cloudflare Network Interconnect Partners for a private, secure and reliable layer 2 network between Cloudflare’s edge and our customers’ network. Private connectivity is one more weapon in building out defense in depth for your network.
Last year, we announced our first round of our Network Interconnection Partnerships. Today, we’re adding Digital Realty, CoreSite, EdgeConneX, 365 Data Centers, BBIX, Teraco, and Netrality Data Centers to provide:
- Colocation with Cloudflare in 70 locations
- Reduced cross connect lead times
- Connectivity reference architectures
With our new partnerships, customers now have more choice to connect privately and securely either via cloud exchanges (a software defined VLAN ordered via dashboard) or with private physical connectivity.
The WAN of the future, today
Over the last 10 years, Cloudflare has built one of the fastest, most reliable, and most secure networks in the world. This week we have announced several more performance and security features that customers can leverage for their global security and networking needs. The Network On-ramp Partnerships launch provides private, secure and high performance options to connect your traffic sources to Cloudflare.
To join our list of On-ramp Partners, please reach out to us at firstname.lastname@example.org. We would love to hear more about the platforms you use and would like to see us integrate with – reach out to us here.
If you’d like to learn more about our Network On-ramp Partners, physical PNIs/CNIs, partner/virtual CNIs and how they integrate with Magic WAN, contact your account team or reach out to email@example.com. To learn more about Magic WAN, please fill out the Contact Us form on the product page.